Polestar Privacy Policy

The Privacy Policy describes (a) the collection and processing of personal information by Polestar when the Polestar website at http://www.polestarpilates.com/ is accessed (the “Website”) or when a user contacts Polestar for information, purchases courses or merchandise, or takes a Polestar training, (b) the basis for such collection and processing, and (c) the user’s rights with respect to their personal information that is collected and/or processed by Polestar or its service providers.

This Policy applies to the processing of personal information by Polestar when you access our website at www.polestarpilates.com (our “Website”) and when you interact with Polestar by contacting us, purchasing courses or merchandise, or taking Polestar training (as described in greater detail below).

Please note that Polestar websites on specific country domains are governed by separate privacy policies.

Information We Collect (Automatically) from Website Visitors and How We Use It

When you visit our Website, you will encounter the “Manage Cookie Consent” pop-up in the lower right corner of your browser. (Be sure you don’t have any pop-up blockers enabled.) The pop-up provides options to choose the type of cookies that are stored in your browser. Users cannot opt out of “Functional” cookies. These do not collect any personal information. Rather, they identify trusted web traffic, filter requests from bots, and handle cookie consent management. Regardless of whether you Accept or Deny cookies, you can always change your choice by clicking on the “Manage Consent,” which brings up the “Manage Cookie Consent” pop-up.

There are good reasons to accept cookies on our website: your interaction can improve both the contents and functioning of our website. Let us tell you how it works. Before we explain, be assured that Polestar does not share any of your personal data with third parties. Nor do we sell it.

We use Google Analytics to collect data of your interactions with our Website. When you visit our Website, Google Analytics sets a unique identifier (called a “ClientID”) in your browser cookies. (As long as you don’t delete it, we will know that you are a return visitor.) Why this matters to us: information regarding interactions with new visitors versus return visitors tells us different things about our Website that goes into our decision-making about our Website and services.  A ClientID is considered personally identifying information because it can, at least theoretically, be combined with other public data to identify the user. Polestar does not use ClientIDs that way, however. We’re only interested in how you interact with our Website. Your identity is only important to us once you become a student, purchase something on the website, fill out a web form, or otherwise communicate with us.

Google Analytics provides us with information such as “coarse” geolocation data (your city, latitude and longitude), browser and device type, operating system, “traffic source” that brought you to our Website (e.g., a search engine, advertisement, email link, or simply the last website you visited), page views, site searches, clicks, page scrolls, outbound clicks, file downloads, and video engagement. Google Analytics may also provide us with your estimated age and gender when we are using Google for online advertising of our educational services. We maintain Google Analytics data for 26 months, at which point it expires. We do this to allow us to compare calendar quarters over that period of time to evaluate Website effectiveness and functioning.

To learn more about cookies, see https://policies.google.com/technologies/cookies. To learn more about how Google processes information (including personal information) see https://business.safety.google/privacy/. The Google Analytics Opt-out Brower Add-On (for Chrome, Firefox, Safari, and Edge) is available at https://tools.google.com/dlpage/gaoptout/. Please note that if you use Google services such as Gmail and YouTube, and are signed in to them, Google will collect information about your online activity that is unrelated to the limited information that Polestar collects (and to which Polestar does not have access).

We also use Microsoft Clarity to collect information about user interactions with our Website. Information obtained through Clarity may be in the form of heatmaps (click-maps, scroll-maps, and area maps) which show aggregate usage data; session recordings, which show exactly what users are doing on the Website at a particular point in time; or traditional analytics, consisting of aggregate data reports that include data points such as country, city (latitude/longitude), browser type, device brand and model (for mobile devices), operating system, screen resolution, the number of unique and return users, the frequency with which pages are visited, as well as clicks, scrolls, mouse movements, window resizing, selection, and script and image errors. Data from session recordings only survive for 30 days. We keep aggregate information for the maximum period of one year which, as with Google Analytics, allows us to compare Website usage over time. Clarity is GDPR compliant.

From time to time, we may use Google for “remarketing,” meaning that after you visit our Website, you may see advertising for our educational services or courses when you visit other websites. Remarketing functions by virtue of a pixel tag, which adds a cookie to your browser. We may also use the Meta Pixel on our Website to track performance of Facebook Ads. Once a user clicks on a Facebook Ad and arrives on our Website, the Meta Pixel collects the user’s information including HTTP headers (which includes the user’s IP address) and interactions, and sends that information to Facebook. The information then allows us to measure the effectiveness of our advertising and to refine our audience targeting for our advertisements.

Information That You Provide to Us

Polestar collects personal and personally identifying information provided by users as they interact with our Website and business, for example, by training to be Qualified Polestar Pilates Instructors, registering for the Polestar Pilates Hour webinar series, subscribing to our calendar of courses and events, purchasing one of our online courses, leaving reviews, text-messaging with us (which is always on an opt-in basis), or sending us inquiries through the website or via email.

Such information may include your first and last name, email address, phone number, physical address, country, city,  your professional credentials (e.g., PT or PTA), your date of birth, your payment history, credit card type and last four digits of your card number on file, your course and class history, your training attendance records, exam results, the location where you took your exam and date, and any other information that you may share with us. (Credit card transactions are handled by third-party providers. We do not have access to your entire card number.)

Also, when you call us, because we use a digital phone service, your phone number and SMS messaging number is stored as call history, and the call, or your message, may be recorded.

Our purposes and legal bases for processing the personal information that you provide to us are as follows:

  • You will have provided consent to our processing of such personal data for one or more specific purposes;
  • Such processing is necessary to our performance of a contract entered into voluntarily between you and us, including but not limited to processing and fulfilling orders, collecting payments, entering into payment plans, enrolling you in our courses; and/or
  • Such processing is necessary for the pursuit of our legitimate business interests, in this case, responding to inquiries, sending you marketing information (which is always on an opt-in basis), ensuring the proper functioning and security of our commercial activity (and Website), and maintaining the integrity of our educational programs.

Each of these bases are consistent to Art. 6(1) of the GDPR. We further believe that any risk to your data protection rights in connection with personal information that we process on the basis of our legitimate interests is not excessive or overly intrusive.

While the provision of personal information by you is not required by law, most of this data is necessary in order for us to enter into a contract with you. If you choose not to provide us with the personal information that we require, we will not be able to provide you with the products or services you may request or require, or enter into a contract with you.

Retention Periods

We will only retain your personal information as long as necessary to fulfill the specific purpose for which it was collected. However, your personal information related to our educational courses and training is retained indefinitely, until such time as you request such information to be deleted. We believe this is necessary in order to maintain the integrity of our educational programs, which are based on long-term relationships, continuing education requirements, and the use of our trademarks. Please further note that if you have been granted a license to use any of our trademarks for any reason (e.g., in your Pilates practice), deletion of your personal information will result in a cancellation of your license.

However,

  1. with respect processing merchandise orders (including collecting payment and sending invoices), we will maintain personal information for no more than ten (10) years after completion of the order;
  2. with respect to responding to inquiries, we will maintain personal information for no more than three (3) years after the inquiries are closed;
  3. with respect to phone messages and calling records, three (3) years;

if you request a deletion of your personal information, we will do so as soon as possible (and in any case within the time frame specified in applicable law), it being understood that some of that information will first need to be anonymized where we are required to maintain related information in order to fulfill our legal and tax obligations.

While Polestar continues to process your personal information, we will ensure that it is processed in accordance with this Policy. Otherwise, we will securely erase or anonymize your personal information once it is no longer needed.

How We Share Your Information

Except as provided below with respect to “Service Providers,” we do not share your personal information with any non-affiliated third party without your permission. We may, however, share your personal information with certain entities that control us, are controlled by us, or are under common control with us (our “Affiliates”), and our Affiliates agree to process such information based on our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures.

We do share your data with Service Providers, including D2L/Brightspace and Momence, who we engage to provide services to efficiently operate our business and perform certain functions for us. Our contracts with those service providers require that they agree to process your personal information based on our instructions and in compliance with this Policy and the Polestar Data Privacy Framework Statement. We will take appropriate steps to ensure that your information will be used solely to provide the services requested by us, and not for any other purpose.

When you enroll in training or purchase an online course, Polestar shares your personal information with the Service Provider that provides us with our Learning Management System (“LMS”). The LMS helps us to keep track of your training and progress with Polestar.

For Website sales of Polestar educational products, we collect your full name, billing/shipping address (including city, state, postal code, and country), telephone number email address, and purchase history. For Polestar training programs, we collect your full name, email address, courses taken, grades, attendance records, and completion rate (percentage of course content taken).

We are informed by our LMS provider that it uses cookies to improve performance and functionality, and to store users’ secure session identifiers after they have logged in. These cookies are used solely to maintain authentication within the application for the duration of the session. They are stored in memory, not written to the user’s hard drive, so that once the user exits the application, the cookie is expired and removed from memory. (This behavior may vary slightly from browser to browser.) When users log back into the application, a unique GUID (globally unique identifier) is created, stored in the database, and a new session cookie is created. These cookies do not contain personal information, do not track users who have not logged in, and do not track users across multiple sites.

Polestar also shares your personal information with Momence, which we use to handle our communications with you, your purchases, and monitor your attendance during Zoom sessions. Polestar creates Momence accounts internally using your full name and email address. Once we create a Momence account for you, Momence sends you an email with your username and a link to create a personal password.

Other categories of Service Providers include cloud computing services, communication and collaboration tools, data analytics services, data storage service providers, finance and accounting tools, payment processors, sales and marketing tools, social networks, user account registration and authentication services, and website hosting service providers. These Service Providers cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from Polestar. They are committed to protecting the data they hold on our behalf and to retaining it for the period that we determine.

Other Disclosures

Additionally, Polestar may share your personal information in response to subpoenas, court orders, or other lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose personal information in order to enforce or apply our rights and agreements, or when we believe in good faith that disclosing this information is necessary or advisable, including, for example, to protect the rights, property, or safety of our businesses, our websites, our customers, our users, or others, as permitted under the applicable laws, or as otherwise required by law or by government and regulatory entities. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.

We may also share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

Information Security

Polestar is committed to doing its best to maintain the security of information collected on our websites. To try to prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have implemented physical, electronic, and managerial procedures to safeguard and secure the information we collect.

Despite the efforts we take to safeguard and secure information, there is always some risk in transmitting information electronically. As we deem appropriate, we use security measures consistent with industry standards.

Your Rights

The following section explains rights that you may exercise (where available under applicable law). The various rights are not absolute, and each is subject to certain exceptions:

The right of access – You have the right to obtain from us confirmation as to whether or not your personal information is being processed by us, and about certain other information (similar to that provided in this policy) about how it is used. You also have the right to access your personal information, by requesting a copy of the personal information concerning you, which in most cases will be provided free of charge. This is so you are aware and can check that we are using your information in accordance with applicable data protection and privacy laws. We can refuse to provide information where doing so may reveal personal information about another person or would otherwise negatively impact another person’s rights, or where your requests are repetitive and excessive

The right to rectification (correction) – You can ask us to take measures to correct your personal information if it is inaccurate or incomplete (e.g., if we have the wrong name or address for you).

The right to erasure (deletion) – This is also known as the “right to be forgotten” and, in simple terms, enables you to request the deletion or removal of your personal information where, for example, there is no compelling reason for us to keep using it or its use is unlawful. This is, however, not a general right to erasure and there are some exceptions, e.g., where we need to use the information in defense of a legal claim or to comply with a legal obligation.

The right to restrict processing – You have the right to “block” or suppress the further use of your personal information under certain conditions when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your personal information, but may not use it further without your consent or just for the establishment, exercise, or defense of legal claims or for reasons of important public interest.

The right to data portability – You have the right to obtain and reuse certain personal information for your own purposes across different organizations (being separate data controllers). This only applies to your personal information that you have provided to us that we are processing with your consent and for the purposes of contract fulfillment, which is being processed by automated means. In such a case we will provide you with a copy of your data in a structured, commonly used and machine-readable format or (where technically feasible) we may transmit your data directly to a separate data controller.

The right to object – You have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of our legitimate interests. We will be allowed to continue to process the personal information if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or we need this for the establishment, exercise or defense of legal claims. If you object to the processing of your personal information for direct marketing purposes, we will no longer process your personal information for such purposes.

The right to withdraw consent – Where we process your personal information on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that occurred prior to such withdrawal. 

The right to lodge a complaint – If you believe that we do not comply with applicable data protection laws, you have the right to lodge a complaint before any competent data protection authority.

You may contact us any time at privacy@polestarpilates.com to exercise these rights. Please note that data which cannot be used to identify you, e.g., data that has been anonymized for analysis purposes, is not affected by the above rights.

Children’s Privacy

It currently is our policy not to knowingly collect personal information from any person under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, he or she should contact us at privacy@polestarpilates.com. If we become aware that a child under 13 has provided us with personal information, we will endeavor to delete such information from our files as soon as possible.

Non-U.S. Residents

If you are located outside the U.S., please note that you may be transferring your personal information to a country that does not have the same data protection laws as your home country. For personal information received from the European Union, European Economic Area, United Kingdom (and Gibraltar), or Switzerland, Polestar (including Polestar Enterprises, LLC) is committed to handling your personal information in accordance with this Policy and the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), as administered by the U.S. Department of Commerce. If there is any conflict between the terms of this Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, the “Principles”), the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. The Principles appear on the DPF website at  https://www.dataprivacyframework.gov/EU-US-Framework

Polestar’s accountability for personal information that it receives under the Principles and subsequently transfers to a third party is described in the Principles. In particular, Polestar remains responsible and liable under the Principles if third parties engaged by Polestar process the personal information in a manner inconsistent with the Principles, unless Polestar proves that it is not responsible for the event giving rise to the damage.

How Can You Contact Us?

Please direct any comments or concerns you may have about this Policy to Elizabeth Jimenez at privacy@polestarpilates.com.

Complaints will be resolved internally in accordance with Polestar’s complaints procedures. If you live in the European Union, European Economic Area, United Kingdom (and Gibraltar), or Switzerland and efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to binding arbitration by filling out the Notice of Arbitration linked at https://go.adr.org/dpf_irm.html. This provider has been selected by Polestar as the independent recourse mechanism to resolve complaints and disputes relating to treatment of data originating in the European Union, European Economic Area, United Kingdom (and Gibraltar), or Switzerland under this Policy. Polestar is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Policy Modifications

As we continue to develop our Website and take advantage of technologies to improve the services we offer, this Policy will likely change. We encourage you to refer to this Policy on an ongoing basis, so that you understand our current Policy.